One team that was purged from HHS managed over a hundred contracts worth hundreds of millions of dollars, including crucial cybersecurity licenses. It also managed the renewal of contracts for hundreds of specialized contractors who perform critical tasks for the department, including a dozen cybersecurity contractors who work at the Computer Security Incident Response Center (CSIRC)—the primary component of the department’s overall cybersecurity program which is overseen by the chief information security officer.
While all of HHS’s agencies have their own cybersecurity and IT teams, the CSIRC is the only one that has visibility across the entire network of the department. This center, based in Atlanta, monitors the entire HHS network and is tasked with preventing, detecting, reporting, and responding to cybersecurity incidents at HHS.
“It is the department’s nerve center,” the source says. “It has direct links to DHS, CISA, Defense Health Agency, and the intelligence community.”
The contractors provide round-the-clock coverage on three eight-hour shifts every single day, monitoring the network for any possible outages or attacks from inside or outside the network. Those contracts are set to expire on June 21; while there is time to renew them, it’s not clear who is authorized to do so or knows how, since the entire office that oversees the process is no longer working at HHS.
Adding to the threat is the decision by the General Service Administration to terminate the lease for the CSIRC in Atlanta, effective December 31, 2025.
Many of the cybersecurity and monitoring tools the contractors use to monitor the networks are also due for renewal in the coming months.
If the situation is not addressed, “pretty soon, the department will be completely open to external actors to get at the largest databases in the world that have all of our public health information in them, our sensitive drug testing clinical trial information at the NIH or FDA or different organizations’ mental health records,” the source claims, echoing the opinions of other sources who spoke to WIRED.
In the weeks leading up to the RIF, some administrative staff did have interactions with Elon Musk’s so-called Department of Government Efficiency (DOGE) operatives, including Clark Minor, a software engineer who worked at Palantir for over a decade and was recently installed as the department’s chief information officer.
As one employee was detailing the work they did at the OCIO, they said, they got the sense that Minor—whose online résumé does not detail any experience in the federal government—seemed overwhelmed by the sheer scale of HHS, an agency that accounted for over a quarter of federal spending in 2024 and consists of an almost innumerable amount of offices and staff and operating divisions.
Minor has not provided guidance to the remaining HHS staff on the transition, according to two sources still at the agency.
Minor did not respond to a request for comment from WIRED.
Some internal systems are already breaking down, according to sources still working at HHS. One employee, who facilitates travel for HHS employees, says the RIF “set federal travel back to processes that were in place prior to the first Electronic Travel System contract in 2004.”
